SSC-3: Key encryption doc 06-103r0.txt posted

Black_David at Black_David at
Wed Feb 15 18:37:10 PST 2006

* From the T10 Reflector (t10 at, posted by:
* Black_David at
An open issue in the tape encryption commands (currently
05-446r5) is whether to specify encryption of the keys
that are passed to the device - the keys are currently passed
in the clear or by reference (the latter only works for a
key already present in the device).
I've just posted 06-103r0:
which lays out a design for a relatively simple protocol
to accomplish this encryption.
There are three important things to understand about this
(1) It only addresses the problem of providing an alternative
  to passing encryption keys in the clear.  It does not
  perform authentication, use certificates, or address a
  number of other issues pointed out in the document.
  This is necessary to get something done on the schedule
  that the tape encryption commands appear to be on.  Those
  interested in authentication, etc. are encouraged to design
  additional protocols.
(2) The design makes extensive reuse of IPsec technology.  IPsec
  is a well-established security protocol suite primarily used
  for VPNs.  Some of the document will probably not make sense
  to those  not already familiar with IPsec (sorry).  This
  is one of   the things that will improve as this proposal
  is worked on.
(3) This is an r0 document that lays out the design approach.
  Not all the design details are present, and there are a
  number of open issues.  Nothing in this document should
  be assumed to be final - things will change and get fleshed
  out as the proposal is worked on.  For example, the document
  currently proposes prohibiting passing keys in the clear -
  that may be excessively restrictive.
The proposal should be discussed on Friday's SSC-3 Key Management
(tape encryption) call.
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953	      FAX: +1 (508) 293-7786
black_david at	   Mobile: +1 (978) 394-7754
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at

More information about the T10 mailing list